
Getting 400 Bad Request from Rest API for Keycloak with Consent Required ON

I am getting HTTP 400 Bad Request from Keycloak Java code while Consent Required is set to ON. I am using the following code:

String realm = authenticationData.getRealm();
String clientName = authenticationData.getClientName();
String userName = authenticationData.getUserName();
String secret = authenticationData.getSecret();
String password = authenticationData.getPassword();
String authServerURL = authenticationData.getAuthServerURL();
ResteasyClient resteasyClient = new ResteasyClientBuilder().connectionPoolSize(10).register(new CustomJacksonProvider()).build();
Keycloak keycloak = KeycloakBuilder.builder()
        .serverUrl(authServerURL)
        .realm(realm)
        .grantType(OAuth2Constants.PASSWORD)
        .clientId(clientName)
        .clientSecret(secret)
        .username(userName)
        .password(password)
        .resteasyClient(resteasyClient)
        .build();
String authToken = keycloak.tokenManager().getAccessToken().getToken();

I have used the following libraries in the Gradle file.

compile 'org.keycloak:keycloak-adapter-core:7.0.0'
compile 'org.keycloak:keycloak-servlet-filter-adapter:7.0.0'
compile 'org.keycloak:keycloak-authz-client:7.0.0'
compile 'org.keycloak:keycloak-admin-client:7.0.0'
compile 'org.keycloak:keycloak-core:7.0.0'

with server as Server Version 7.0.0

Note: I have tried the same code with Consent Required set as OFF and it works.

"Consent Required" means the user first has to agree to use this data. As long as the user hasn't agreed, you will get the "400". The IDP server says "I can't give you the data (because the user doesn't want this)." In normal screen-based logins, the IDP would show a web page to the user to agree to consent. But with REST, this is obviously not possible.

Also, "Consent" does not belong in the scope of a login. It belongs to the user account. Once the user gives his consent, the consent is saved to his account. That is why you can't set consent at login. BUT you can change the consent via the REST API. Look at the package

org.keycloak.services.resources.account.AccountRestService

and the method

AccountRestService.updateConsent(String clientId, ConsentRepresentation consent)

(see here for API). This might be what you want.

Look also here for docs: https://issues.redhat.com/browse/KEYCLOAK-10653

And don't forget that you need to log in as admin(-like) to change user-data.
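
Added example (not part of the original question or answer): the token call from the question, wrapped so that a 400 is rethrown together with the OAuth error body the server sent, which lets a consent rejection be told apart from bad credentials or a wrong client secret. The class name, the sample body in `main`, and the response entity still being readable after the exception are assumptions.

```java
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import org.keycloak.admin.client.Keycloak;

public final class TokenErrorDiagnostics {   // hypothetical helper class
    private static final ObjectMapper MAPPER = new ObjectMapper();

    /** Summarise an OAuth 2.0 error body (RFC 6749 section 5.2) as "error: description". */
    static String describe(String body) {
        if (body == null || body.trim().isEmpty()) {
            return "(no response body)";
        }
        try {
            JsonNode json = MAPPER.readTree(body);
            String error = json.path("error").asText("");
            if (error.isEmpty()) {
                return "(unrecognised body) " + body;
            }
            String detail = json.path("error_description").asText("");
            return detail.isEmpty() ? error : error + ": " + detail;
        } catch (IOException notJson) {
            return "(non-JSON body) " + body;
        }
    }

    /** Same token call as in the question; a 400 is rethrown with the server's stated reason. */
    static String fetchToken(Keycloak keycloak) {
        try {
            return keycloak.tokenManager().getAccessToken().getToken();
        } catch (BadRequestException e) {
            String body;
            try {
                Response response = e.getResponse();
                body = response.hasEntity() ? response.readEntity(String.class) : "";
            } catch (RuntimeException unreadable) {   // entity already consumed or closed
                body = "";
            }
            throw new IllegalStateException("Token request rejected: " + describe(body), e);
        }
    }

    public static void main(String[] args) {
        // Constructed sample body for illustration; the text your server returns may differ.
        String sample = "{\"error\":\"invalid_client\",\"error_description\":\"Client requires user consent\"}";
        System.out.println(describe(sample));
    }
}
```

The error body carries no credentials, so it is safe to log; the username, password and client secret passed to the builder should stay out of the log line.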
